Exam GCIH All QuestionsBrowse all questions from this exam
Go to Exam
Question 1

Adam works as an Incident Handler for Umbrella Inc. He has been sent to the California unit to train the members of the incident response team. As a demo project he asked members of the incident response team to perform the following actions:

✑ Remove the network cable wires.

✑ Isolate the system on a separate VLAN

✑ Use a firewall or access lists to prevent communication into or out of the system.

✑ Change DNS entries to direct traffic away from compromised system

Which of the following steps of the incident handling process includes the above actions?

    Correct Answer: B

    The steps listed such as removing network cables, isolating the system, using firewalls or access lists to block communication, and changing DNS entries are all measures aimed at preventing the spread of the incident and mitigating further damage. These actions are part of the Containment phase in the incident handling process. Containment focuses on limiting the scope and impact of an incident.

Discussion
z0dayOption: B

B? containment